Information Technology Act


Information Technology Act, 2000 (India)

Last Updated : 06 Dec, 2023




The Information Technology Act, 2000, also known as the IT Act, is an act
proposed by the Indian Parliament and reported on 17th October 2000. The
IT Act is based on the United Nations Model Law on Electronic Commerce
1996 (UNCITRAL Model), which was suggested by the General Assembly of
the United Nations by a resolution dated 30th January, 1997. It is the most
important law in India dealing with cybercrime and e-commerce.
The main objective of this act is to carry lawful and trustworthy electronic,
digital and online transactions and to alleviate or reduce cybercrimes. The IT
Act has 13 chapters and 94 sections. The last four sections, section 91 to
section 94, deal with the revisions to the Indian Penal Code 1860.
The IT Act, 2000 has two schedules:
• First Schedule: Deals with documents to which the Act shall not apply.
• Second Schedule: Deals with electronic signature or electronic authentication method.
The offences and the punishments in IT Act 2000:
The offences and the punishments that fall under the IT Act, 2000 are as
follows:
1. Tampering with the computer source documents.
2. Directions of Controller to a subscriber to extend facilities to decrypt
information.
3. Publishing of information which is obscene in electronic form.
4. Penalty for breach of confidentiality and privacy.
5. Hacking for malicious purposes.
6. Penalty for publishing Digital Signature Certificate false in certain
particulars.
7. Penalty for misrepresentation.
8. Confiscation.
9. Power to investigate offences.
10. Protected System.
11. Penalties for confiscation not to interfere with other punishments.
12. Act to apply for offence or contravention committed outside India.
13. Publication for fraud purposes.
14. Power of Controller to give directions.
Sections and punishments under the Information Technology Act, 2000 are as
follows:

| Section | Punishment |
| --- | --- |
| Section 43 | This section of IT Act, 2000 states that any act of destroying, altering or stealing a computer system/network or deleting data with malicious intentions, without authorization from the owner of the computer, is liable for payment to be made to the owner as compensation for damages. |
| Section 43A | This section of IT Act, 2000 states that any corporate body dealing with sensitive information that fails to implement reasonable security practices, causing loss to another person, will also be liable as convict for compensation to the affected party. |
| Section 66 | Hacking of a computer system with malicious intentions like fraud will be punished with 3 years imprisonment or a fine of Rs. 5,00,000 or both. |
| Section 66 B, C, D | Fraud or dishonesty using or transmitting information or identity theft is punishable with 3 years imprisonment or Rs. 1,00,000 fine or both. |
| | This section is for violation of privacy by transmitting image of private area, which is punishable with 3 years imprisonment or 2,00,000 |

Digital Signature
A digital signature is a mathematical technique used to validate the
authenticity and integrity of a message, software, or digital document.
1. Key Generation Algorithms: Digital signatures are electronic
signatures which assure that the message was sent by a
particular sender. While performing digital transactions,
authenticity and integrity should be assured; otherwise, the data
can be altered, or someone can act as if he were the sender
and expect a reply.
2. Signing Algorithms: To create a digital signature, signing
algorithms like email programs create a one-way hash of the
electronic data which is to be signed. The signing algorithm then
encrypts the hash value using the private key (signature key).
This encrypted hash, along with other information like the
hashing algorithm, is the digital signature. The digital signature is
appended to the data and sent to the verifier. The reason for
encrypting the hash instead of the entire message or document
is that a hash function converts any arbitrary input into a much
shorter fixed-length value. This saves time, as a shorter hash
value has to be signed instead of a long message, and
moreover hashing is much faster than signing.
3. Signature Verification Algorithms: The verifier receives the digital
signature along with the data. It then uses the verification algorithm
to process the digital signature and the public key
(verification key) and generates some value. It also applies the
same hash function to the received data and generates a hash
value. If the two are equal, the digital signature is valid;
otherwise it is invalid.
The steps followed in creating a digital signature are:
1. The message digest is computed by applying a hash function to the
message, and the message digest is then encrypted using the private
key of the sender to form the digital signature (digital signature =
encryption(private key of sender, message digest) and message
digest = message digest algorithm(message)).
2. The digital signature is then transmitted with the message (message
+ digital signature is transmitted).
3. The receiver decrypts the digital signature using the public key of
the sender. (This assures authenticity, as only the sender has his private
key, so only the sender can encrypt using his private key, which can
thus be decrypted by the sender's public key.)
4. The receiver now has the message digest.
5. The receiver can compute the message digest from the message
(the actual message is sent with the digital signature).
6. The message digest computed by the receiver and the message
digest obtained by decrypting the digital signature need to be the same
to ensure integrity.
The message digest is computed using a one-way hash function, i.e. a hash
function in which computing the hash value of a message is easy but
computing the message from its hash value is very
difficult.
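
The six steps above, written out as an added Python example (it is not part of the original page): textbook RSA applied to a SHA-256 digest, with a constructed toy key built from publicly known Mersenne primes. The function names and the sample message are assumptions made for illustration; real signature schemes also pad the digest (for example RSA-PSS) instead of exponentiating it directly.

```python
import hashlib

# Constructed toy key pair: two publicly known Mersenne primes, chosen only so
# the example is deterministic. Never use such primes for a real key.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                              # public modulus
E = 65537                              # public (verification) exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private (signing) exponent


def message_digest(message: bytes) -> int:
    """Step 1a: message digest = message digest algorithm(message)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Step 1b: digital signature = encryption(private key, message digest)."""
    return pow(message_digest(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Steps 3-6: recover the digest with the public key and compare."""
    if not 0 < signature < n:          # reject out-of-range values outright
        return False
    recovered = pow(signature, e, n)   # steps 3-4: "decrypt" the signature
    return recovered == message_digest(message)   # steps 5-6


def demo() -> dict:
    """Step 2 plus the receiver's checks, on a constructed message."""
    message = b"Pay Rs. 1,000 to account 12345"      # constructed sample
    signature = sign(message)                        # sent along with message
    other_n = P * (2**1279 - 1)                      # someone else's public key
    return {
        "genuine": verify(message, signature),
        "altered_message": verify(b"Pay Rs. 9,000 to account 12345", signature),
        "altered_signature": verify(message, signature ^ 1),
        "wrong_public_key": verify(message, signature, n=other_n),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:18} accepted={accepted}")
```

Only the untouched message checked against the signer's own public key is accepted; changing the message, the signature or the key makes the two digests differ.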

Assurances about digital signatures


The definitions and words that follow illustrate the kind of assurances
that digital signatures offer.
1. Authenticity: The identity of the signer is verified.
2. Integrity: Since the content was digitally signed, it hasn't
been altered or interfered with.
3. Non-repudiation: Demonstrates the source of the signed
content to all parties. The act of a signer denying any affiliation
with the signed material is known as repudiation.
4. Notarization: Under some conditions, a signature in a Microsoft
Word, Microsoft Excel, or Microsoft PowerPoint document that
has been time-stamped by a secure time-stamp server is
equivalent to a notarization.
Benefits of Digital Signatures
• Legal documents and contracts: Digital signatures are legally
binding. This makes them ideal for any legal document that
requires a signature authenticated by one or more parties and
guarantees that the record has not been altered.
• Sales contracts: Digital signing of contracts and sales contracts
authenticates the identity of the seller and the buyer, and both
parties can be sure that the signatures are legally binding and
that the terms of the agreement have not been changed.
• Financial Documents: Finance departments digitally sign
invoices so customers can trust that the payment request is from
the right seller, not from a bad actor trying to trick the buyer into
sending payments to a fraudulent account.
• Health Data: In the healthcare industry, privacy is paramount for
both patient records and research data. Digital signatures
ensure that this confidential information was not modified when it
was transmitted between the consenting parties.
Drawbacks of Digital Signature
• Dependency on technology: Because digital signatures rely on
technology, they are susceptible to crimes, including hacking. As
a result, businesses that use digital signatures must make sure
their systems are safe and have the most recent security
patches and upgrades installed.
• Complexity: Setting up and using digital signatures can be
challenging, especially for those who are unfamiliar with the
technology. This may result in blunders and errors that reduce
the system's efficacy. The process of issuing digital signatures to
senior citizens can occasionally be challenging.
• Limited acceptance: Digital signatures take time to replace
manual ones since technology is not widely available in India, a
developing nation.
Digital Certificate
A digital certificate is issued by a trusted third party and proves the
sender's identity to the receiver and the receiver's identity to the sender.
A digital certificate is a certificate issued by a Certificate Authority (CA)
to verify the identity of the certificate holder. A digital certificate is used to
attach a public key to a particular individual or entity.
A digital certificate contains:
• Name of the certificate holder.
• Serial number, which is used to uniquely identify a certificate, the
individual or the entity identified by the certificate.
• Expiration dates.
• Copy of the certificate holder's public key (used for decrypting
messages and digital signatures).
• Digital signature of the certificate issuing authority.
The digital certificate is also sent with the digital signature and the
message.
Advantages of Digital Certificate
• NETWORK SECURITY: A complete, layered strategy is required
by modern cybersecurity methods, wherein many solutions
cooperate to offer the highest level of protection against
malevolent actors. An essential component of this puzzle is
digital certificates, which offer strong defence against
manipulation and man-in-the-middle assaults.
• VERIFICATION: Digital certificates facilitate cybersecurity by
restricting access to sensitive data, which makes authentication
a crucial component of cybersecurity. Thus, there is a decreased
chance that hostile actors will cause chaos. At many different
endpoints, certificate-based authentication provides a
dependable method of identity verification. Compared to other
popular authentication methods like biometrics or one-time
passwords, certificates are more flexible.
• BUYER SUCCESS: Astute consumers demand complete
assurance that the websites they visit are reliable. Because
digital certificates are supported by certificate authorities that
users' browsers trust, they offer a readily identifiable indicator of
reliability.
Disadvantages of Digital Certificate
• Phishing attacks: To make their websites look authentic,
attackers can fabricate bogus websites and obtain certificates.
Users may be fooled into providing sensitive information, such
as their login credentials, which the attacker may then take
advantage of.
• Weak encryption: Older digital certificate systems may employ
less secure encryption methods that are open to intrusions.
• Misconfiguration: In order for digital certificates to work, they
need to be set up correctly. Websites and online interactions can
be attacked due to incorrectly configured certificates.
Digital certificate vs digital signature
A digital signature is used to verify authenticity, integrity and
non-repudiation, i.e. it assures that the message was sent by the known
user and has not been modified, while a digital certificate is used to verify the
identity of the user, whether sender or receiver. Thus, digital signatures
and certificates are different kinds of things, but both are used for security.
Most websites use digital certificates to enhance the trust of their users.

| Feature | Digital Signature | Digital Certificate |
| --- | --- | --- |
| Basics / Definition | A digital signature secures the integrity of a digital document in a similar way as a fingerprint or attachment. | Digital certificate is a file that ensures holder's identity and provides security. |
| Process / Steps | Hashed value of original data is encrypted using sender's private key to generate the digital signature. | It is generated by CA (Certifying Authority) that involves four steps: Key Generation, Registration, Verification, Creation. |
| Security Services | Authenticity of Sender, integrity of the document and non-repudiation. | It provides security and authenticity of certificate holder. |
| Standard | It follows Digital Signature Standard (DSS). | It follows X.509 Standard Format |

Cyberspace and its Meaning
The term Cyberspace seemed to have originated from a Science fiction
movie. However, in the 21st century, it has become an integral part of our
lives. Let us learn what Cyberspace is, the importance of laws to determine
Cybersecurity in the introduction of Cyberspace.
Cyberspace

Cyberspace mainly refers to the computer as a virtual network: a
medium electronically designed to help online communications to occur. This
facilitates easy and accessible communications across the world.
The whole of Cyberspace is composed of large computer networks which have
many sub-networks. These follow the TCP or IP protocol.

The TCP (Transmission Control Protocol) is a standard for communications
that allows application programs and other computing devices to
exchange data and messages over a Cyber network. It is designed to
send data across the internet and to make sure that the sent data are
successfully delivered over the networks. These are the standards that are mostly
used to define the rules of the internet, and they are defined by the Internet
Engineering Task Force (IETF). It is a very commonly used protocol and it
ensures that there is an end-to-end delivery of data.

On the other hand, Internet Protocol or IP is the protocol or method that
involves sending data from one device to another using the internet. Each
and every device has an IP address that is unique to it and this gives it its
identity. The IP address enables communication and exchange of data with
other devices across the internet. It defines how devices and their
applications will exchange packets of data with each other and with connected
networks. All transfers occur through the protocols of the Internet Protocol
Suite, i.e. either TCP or IP.

Cyberspace is that space in which users share information, interact with each
other, engage in discussions or social media platforms, and carry out many other
activities. This concept was introduced by William Gibson in his book
'Neuromancer' which was done in 1894. This term is still widely used
among everyone as it is rapidly growing and used for various purposes by an
individual.
Cyber Laws and Cyber Security
In order to ensure that humans do not misuse Cyber technologies, Cyber
laws are generated. The overall idea of Cyberlaw is to stop any person from
violating the rights of other persons in Cyberspace. Any kind of violation of
Cyber rights is considered to be a Cyberspace violation and is deemed
punishable under Cyber Laws.

It is important to note that since Cyberspace does not belong to the physical
world, the physical laws do not apply to Cyberspace crime. A separate set of
Cyber laws is formulated by the government to provide Cybersecurity to
Cyber users. Such Cyber laws are needed to monitor and prevent any
immoral or illegal activities of humans. Some
of the common Cyberspace violation activities include hacking, theft, money
laundering, terrorism, piracy, etc. Hackers can get hold of any internet
account through the Domain Name Server (DNS), phishing, IP address, etc. to
get entry into the computer system of any person and steal the data, or
introduce computer bugs and render the system ineffective.

Cyber Laws
Cyber laws encompass all the legal issues related to the communicative,
distributive and transactional aspects of network-related information devices
and technologies. It is different from the Property Law or any other law.
Unlike property law, it is not so distinct; it is broader since it covers several
areas of laws and regulations. It encapsulates the statutory, legal and
constitutional provisions related to computers and the internet. Cyber laws
are related to individuals and institutions that

• Play a crucial role in providing Cyberspace access to people,
• Generate software and/or hardware to allow people entry into
Cyberspace, and
• Make use of their computer system to gain entry into Cyberspace.

If we go by the Cyberspace definition, Cyberlaw can be considered as a
generic term related to all regulatory and legal properties of the internet. Any
activities of the citizen related to or concerned with the legal aspect of
Cyberspace come under the purview of Cyber laws.

To define the different arms of Cybersecurity, two main acts are considered
in India. They are:

• The Indian Penal Code, 1860
• The Information Technology Act, 2000
